1. Field of the Invention
The present invention relates to an image processing apparatus to which a security policy is applicable, a control method therefor, and a storage medium storing a control program therefor.
2. Description of the Related Art
A personal computer (PC) and server machines, such as a file server and an authentication server, which are connected to a network of an office, are preferable to be operated according to an information security policy determined for the office.
An information security policy is a basic policy of an information security of the entire company, and is what summarized a policy of use of information, a policy for preventing invasion from the outside, and a policy for preventing information leak. An information security policy is established by an administrator who treats security.
A peripheral apparatus, such as an image processing apparatus, in addition to a PC and a server device may be connected to an office network. An image processing apparatus in recent years does not only print or transmit an image, but also stores image data, provides a file service function to a PC, and it plays increasingly the same role as another server machine located on a network.
Moreover, since an application development environment of an image processing apparatus is opened in recent years like an environment of a PC, an application developed by a third party is available.
In order to maintain a safe and secure office environment, an image processing apparatus is required to follow an information security policy in the same manner as a PC or a server machine. Following an information security policy here means that a restriction on security is established in practical use of an image processing apparatus in order to prevent unauthorized use and information leak of the image processing apparatus in an office. For example, user authentication is required when a user operates an image processing apparatus.
In a field of a PC and a server machine, there is a method that setting values, which are dependent on an OS for example, are collectively set by a distribution server and that the setting values are distributed to a PC and a server machine, in order to make them follow an information security policy.
A setting value of “non-SSL connection is permitted” is an example of a setting value that is dependent on an OS. Such a setting value is systematically managed so that a PC of any vender follows the information security policy defined by the setting value.
In a field of an image processing apparatus, since available settings about security are different for each image processing apparatus, a setting value that is dependent on an OS cannot be distributed as-is like a PC or a server machine.
Accordingly, there is a proposed system that sets security to an apparatus according to an information security policy based on a rule established for each apparatus (for example, see Japanese Laid-Open Patent Publication (Kokai) No. 2008-219419 (JP 2008-219419A)).
Since such an information security policy is revised by daily operation, an administrator needs to update an information security policy and needs to set it to a PC or a server machine again.
There is a proposed system in which a PC or a server machine searches a distribution server, and receives and sets an updated information security policy when it is available (for example, see Japanese Laid-Open Patent Publication (Kokai) No. 2005-209070 (JP 2005-209070A)).
The information security policy is updated when a setting value is changed or a new information security policy is added.
The latter case needs to introduce a device corresponding to the new information security policy or to upgrade an existing device so as to correspond in order to reflect the new information security policy to a device.
Accordingly, it is difficult to make all the devices correspond to the new information security policy simultaneously at the time when the policy is updated.
When the updated information security policy is automatically applied to devices using the conventional technique, devices to which the information security policy is reflected and devices to which the policy is not reflected are intermingled, which complicates an administrator's determination of whether the information security policy has been reflected to each device.